Hello Peter, > On 4 Oct 2023, at 07:42, Peter Thomassen <pe...@desec.io> wrote: > > Hi Atanas, > > On 10/3/23 18:56, atanas argirov via Pdns-users wrote: >> * testing malformed fingerprint size of (hash size +/- 2) is accepted with >> no complaints from both API and pdnsutil >> My question is: >> * is there any validation on the SSHFP fingerprint size based on the hash >> type? > > Apparently not. > >> * where this trailing zero comes from on hash size of +/- 1? > Each hex digit is half a byte. I expect the pdns code to process bytes (not > half-bytes), and the missing bits are filled up with zero. > > Avoiding this would require keeping extra state about the input length, but > there's probably not value in that if the operation is already bound to fail.
Thank you very much for the insights on the subject, appreciated. We will work around these limitations. > > Cheers, > Peter > > -- > Like our community service? 💛 > Please consider donating at > > https://desec.io/ > > deSEC e.V. > Kyffhäuserstr. 5 > 10781 Berlin > Germany > > Vorstandsvorsitz: Nils Wisiol > Registergericht: AG Berlin (Charlottenburg) VR 37525 Best, Atanas — PGP: 0178 A605 C5E5 D207 E940 D109 BACE D962 BA03 327F _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
